We're releasing a Dependency Graph API in GraphQL that enables you to retrieve information about a repository's dependency graph. But that's not all; we are also adding a lightweight Repository Vulnerability Alerts API in GraphQL so you can get your security alerts through the API. You can stay up-to-date with the most recent changes using a webhooks that trigger when alerts are created, dismissed, or resolved.

Dependency Graph GraphQL API

We're introducing a new connection on Repository called dependencyGraphManifests which enables you to retrieve data about a repository's dependencies. Public repositories have dependency graph and security alerts enabled by default. For private repositories, you’ll need to Allow access in the Dependency graph section of your repository’s Insights tab.

To access this new API during the preview period, you must provide a custom media type in the Accept header:

application/vnd.github.hawkgirl-preview

Repository Vulnerability Alerts GraphQL API

We're introducing a new connection on Repository called vulnerabilityAlerts which enables you to retrieve data about a repository's security alerts.

To access this new API during the preview period, you must provide a custom media type in the Accept header:

application/vnd.github.vixen-preview

Repository Vulnerability Alerts Webhooks

We're introducing a new webhook event for repositories called repository_vulnerability_alert. You can get webhooks for create, dismiss, and resolve actions.

During the preview period, we may change aspects of these APIs based on developer feedback.
If we do, we will announce the changes here on the developer blog, but we will not provide any advance notice.